It would be pretty hard for the attacker to precisely arrange a hundred tiny sprinkles on the surface of a pill to exactly match a known-good pattern. (At least compared to just throwing a bunch of assorted sprinkles on the pill randomly and taking a photo of the result, which is what legitimate manufacturers would be doing.)
Yeah, this is one common claim about sprinkles - that the pattern can't be reproduced. Is that so true? Manually, sure, probably, perhaps. But if sprinkles signing is common enough, or the attacker has enough budget - and they do - then sprinkles matching deserves a machine. A sprinkles printer.
And if you have a standard algorithm which converts a sprinkles picture or three into a hash, then now you have a precise target for the machine to benchmark against.